New issue
Advanced search Search tips

Issue 805459 link

Starred by 3 users
Status: Verified
Owner:
rsleevi@chromium.org
Closed: Feb 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 1
Type: Bug

Blocking:
issue 797765



Sign in to add a comment

Distrust Symantec Certificates issued prior to 2016-06-01

Project Member Reported by rsleevi@chromium.org, Jan 24 2018 
As stated in https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html , a phased approach to distrusting Symantec certificates will be followed.

M66 will distrust all Symantec-issued certificates issued prior to June 1, 2016.

Comment 1 by rsleevi@chromium.org, Jan 24 2018

Blocking: 797765
Project Member

Comment 2 by bugdroid1@chromium.org, Jan 27 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c646e48f1ff851d8eb8e2ae713a031684b46db27

commit c646e48f1ff851d8eb8e2ae713a031684b46db27
Author: Ryan Sleevi <rsleevi@chromium.org>
Date: Sat Jan 27 18:08:56 2018

Deprecate Symantec Legacy Certificates issued before 2016-06-01

As documented at
security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html,
support for Legacy Symantec Certificates issued prior to 2016-06-01 is
being removed in Chrome 66.

As part of removing such support, this simplifies the API for the
console warning message, as now there is only one pending deprecation.

Bug:  805459 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: I6c2c8b59f1ad016914ab8f1eaeb4f35bb367df3d
Reviewed-on: https://chromium-review.googlesource.com/883728
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#532239}
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/chrome/renderer/chrome_content_renderer_client.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/chrome/renderer/chrome_content_renderer_client.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/content/browser/loader/resource_loader.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/content/network/url_loader.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/content/public/renderer/content_renderer_client.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/content/renderer/loader/web_url_loader_impl.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/content/renderer/render_frame_impl.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/net/BUILD.gn
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/net/cert/cert_verify_proc.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/net/cert/cert_verify_proc_mac_unittest.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/net/cert/cert_verify_proc_unittest.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/net/data/ssl/certificates/README
[add] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/net/data/ssl/certificates/gms.hongleong.com.my-verisign-chain.pem
[delete] https://crrev.com/e93a97278842441acc34611ec2ccc0b50c13fb6b/net/data/ssl/certificates/tripadvisor-verisign-chain.pem
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/services/network/public/cpp/network_param_ipc_traits.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/services/network/public/cpp/resource_response.cc
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/services/network/public/cpp/resource_response_info.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.cpp
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/Source/core/frame/LocalFrameClient.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/Source/platform/exported/WebURLResponse.cpp
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/Source/platform/loader/fetch/ResourceResponse.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/public/platform/WebURLResponse.h
[modify] https://crrev.com/c646e48f1ff851d8eb8e2ae713a031684b46db27/third_party/WebKit/public/web/WebFrameClient.h

Comment 3 by rsleevi@chromium.org, Jan 27 2018

Labels: Target-66
Project Member

Comment 4 by bugdroid1@chromium.org, Jan 30 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/32915d9096bf271287db89bb72bdea160c229c85

commit 32915d9096bf271287db89bb72bdea160c229c85
Author: Ryan Sleevi <rsleevi@chromium.org>
Date: Tue Jan 30 02:05:54 2018

Add Enterprise Policy to enable Symantec's Legacy PKI

Chrome 66 removes trust in Symantec's Legacy PKI, for certificates
issued before 2016-06-01. This introduces an Enterprise Policy,
EnableSymantecLegacyInfrastructure, which can be used to re-enable
support for the legacy infrastructure for those that need additional
time to transition.

Chrome 70 will fully remove trust in Symantec's Legacy PKI, and this
policy will be removed shortly thereafter (~1-2 releases).

BUG= 805459 , 797765

Change-Id: I4a6f790d4f5573038e0eb9c208412ae944b6ea52
Reviewed-on: https://chromium-review.googlesource.com/890421
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#532731}
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/chrome/browser/policy/configuration_policy_handler_list_factory.cc
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/components/policy/resources/policy_templates.json
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/components/ssl_config/ssl_config_prefs.cc
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/components/ssl_config/ssl_config_prefs.h
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/components/ssl_config/ssl_config_service_manager_pref.cc
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/net/ssl/ssl_config_service.cc
[modify] https://crrev.com/32915d9096bf271287db89bb72bdea160c229c85/tools/metrics/histograms/enums.xml

Comment 5 by rsleevi@chromium.org, Feb 5 2018

Status: Verified (was: Started)

Sign in to add a comment